In response to government surveillance or massive data gathering, many people say that there’s nothing to worry about. “I’ve got nothing to hide,” they declare. “The only people who should worry are those who are doing something immoral or illegal.”
This year is the 10th anniversary of the piece. A lot has happened between then and now. Not too long before I wrote my essay, there were revelations of illegal NSA surveillance. A significant percentage of the public supported the NSA surveillance, and the nothing-to-hide argument was trotted out again and again. This was the climate in which I wrote the essay.
Later on, in 2013, Edward Snowden revealed that the NSA was engaging in extensive surveillance far beyond its legal authority. Snowden declared: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” This time, there was a significantly large percentage of the public that didn’t side with the NSA but instead demanded scrutiny and accountability.
Nevertheless, the nothing-to-hide argument is far from vanquished. There will always be a need for citizens to demand accountability and oversight of government surveillance, or else we will gradually slide into a more dystopian world.
Here are a few short excerpts from my nothing-to-hide essay:
A while ago, I wrote about a case involving a member of the St. Louis Cardinals baseball team staff who improperly accessed a database of the Houston Astros. There is now an epilogue to report in the case. The individual who engaged in the illegal access — a scouting director named Chris Correa — was fired by the Cardinals, imprisoned for 46 months, and banned permanently from baseball. The Cardinals were fined $2 million by Major League Baseball Commissioner Rob Manfred, and they must forfeit their first two picks in the draft to the Houston Astros.
According to an article about the incident in the St. Louis Post-Dispatch: “As outlined in court documents, the U.S. attorney illustrated how Correa hacked Houston’s internal database, ‘Ground Control,’ 48 times during a 2½-year period. He viewed scouting reports, private medical reviews and other proprietary information. The government argued that Correa may have sought to determine if Houston borrowed the Cardinals’ data or approach, but the information he accessed was ‘keenly focused on information that coincided with the work he was doing for the Cardinals.'”
As I wrote in my piece about the case, there are several lessons to be learned. One lesson is that it is a myth that hacking and computer crime must be hi-tech. Here, Correa’s hacking was nothing sophisticated — he just used another person’s password. The person had previously worked for the Cardinals, and when he went to the Astros, he kept using the same password. In my piece, I discussed other lessons from this incident, such as the importance of teaching people good password practices as well as teaching people that just because they have access to information doesn’t make it legal to view the information. The Cardinals organization appears to have learned from the incident, as the “employee manual has been updated to illustrate what is illegal activity online,” and the organization is using two-factor authentication to protect its own sensitive data. The article doesn’t say whether the Astros also stepped up their security awareness training by teaching employees not to reuse their old passwords from another team.
A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power. The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.
The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases. One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering. A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.